Lucene search
K

8 matches found

Cvelist
Cvelist
added 2025/12/24 8:2 a.m.27 views

CVE-2025-64641 Mattermost Jira plugin crafted action leaks Jira issue details

Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fail to verify that post actions invoking /share-issue-publicly were created by the Jira plugin which allowed a malicious Mattermost user to exfiltrate Jira tickets when victim users interacted with affecte...

4.1CVSS0.00146EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/04/22 6:47 a.m.8 views

WordPress Tickera plugin < 3.5.2.5 - Ticket leakage through IDOR vulnerability

Ticket leakage through IDOR vulnerability discovered by Martin Thirup Christensen in WordPress Plugin Tickera versions 3.5.2.5...

5.3CVSS7AI score0.00515EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2024/04/22 5:15 a.m.19 views

CVE-2023-7252

The Tickera WordPress plugin before 3.5.2.5 does not prevent users from leaking other users' tickets...

5.3CVSS6.5AI score0.00515EPSS
Exploits2References1
CVE
CVE
added 2024/04/22 5:0 a.m.81 views

CVE-2023-7252

CVE-2023-7252 affects the Tickera WordPress Event Ticketing plugin (before 3.5.2.5). Multiple sources confirm an Insecure Direct Object Reference (IDOR) condition that permits leakage of other users’ tickets due to insufficient access controls. The issue is tracked in public CVE records with the ...

5.3CVSS9.3AI score0.00515EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/22 5:0 a.m.14 views

CVE-2023-7252 Tickera < 3.5.2.5 - Ticket leakage through IDOR

The Tickera WordPress plugin before 3.5.2.5 does not prevent users from leaking other users' tickets...

4AI score0.00515EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/04/22 12:0 a.m.7 views

PT-2024-15252 · WordPress · Tickera

Name of the Vulnerable Software and Affected Versions: The Tickera WordPress plugin versions prior to 3.5.2.5 Description: The issue allows users to leak other users' tickets due to a lack of proper prevention mechanisms. Recommendations: For versions prior to 3.5.2.5, update to version 3.5.2.5 o...

5.3CVSS9.4AI score0.00515EPSS
Exploits2References4
wpexploit
wpexploit
added 2024/04/01 12:0 a.m.161 views

Tickera < 3.5.2.5 - Ticket leakage through IDOR

Description The plugin does not prevent users from leaking other users' tickets. After a user has bought a ticket, an example of a ticket would look like https://www.website.com/?downloadticket=1&orderkey=1234567890&downloadticketnonce=ab903b7c71, but due to missing validation, the URL can be...

6.8AI score0.00515EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.20 views

Tickera < 3.5.2.5 - Ticket leakage through IDOR

Description The plugin does not prevent users from leaking other users' tickets. PoC After a user has bought a ticket, an example of a ticket would look like https://www.website.com/?downloadticket=1key=1234567890ticketnonce=ab903b7c71, but due to missing validation, the URL can be shortened to...

6.4AI score0.00515EPSS
Exploits2Affected Software1
Rows per page
Query Builder